
"Consistent with the trend we have observed for nearly a decade, in comparison to other state sponsors, PRC-nexus groups remained the most prolific users of zero-day vulnerabilities in 2025. These groups, such as UNC5221 and UNC3886, continued to focus heavily on security appliances and edge devices to maintain persistent access to strategic targets."
"In 2025, Microsoft accounted for 25 of the zero-days, followed by Google (11), Apple (8), and Cisco (4). Operating systems (both mobile and desktop) were the most targeted, increasing from 40% of the total in 2024 to 44% in 2025."
"Mobile device zero-days also increased, from 9 vulnerabilities in 2024 to 15 in 2025. However, in the case of mobile exploits, Google noted that in many cases three or more flaws were chained to achieve a single goal."
Google's Threat Intelligence Group reported 90 zero-day vulnerabilities exploited in 2025, compared to 78 in 2024 and 100 in 2023. Microsoft was the most targeted vendor with 25 zero-days, followed by Google, Apple, and Cisco. Operating systems became increasingly targeted, rising from 40% to 44% of exploits. Mobile device vulnerabilities increased from 9 to 15, often involving chained exploits. Browser zero-days continued declining, suggesting either improved security or more sophisticated attacks. Commercial surveillance vendors led threat actor exploitation with 15 zero-days, while state-sponsored groups, particularly China-nexus organizations, accounted for 12 vulnerabilities. Nearly half of the exploited zero-days targeted enterprise technologies.
#zero-day-vulnerabilities #enterprise-security #state-sponsored-cyberespionage #mobile-device-threats #commercial-surveillance-vendors
Read at SecurityWeek